I was reading some write-ups, and I came across this bug which I really liked “Getting a Google employee account” It was a nice find by Alex Birsan. I started testing the issue tracker, and I was trying to see if I can get a google account then looking around in issue tracker, I noticed browse components there were two public issue trackers I clicked on Android Public Tracker

We can see bugs reported to android here. To report a Bug in Android public issue tracker you can send an email to-

buganizer-system+componentID@google.com

where android’s component id is 190923.

I can see my issue got listed in the public issue tracker. I got a confirmation email from buganizersystem+my_email@google.com and reply to the email will be directed to-

buganizer-system+componentID+issueID@google.com

I replied to that email and comment was posted in the conversation. I can add google email to see if I can get a confirmation code, to test this I clicked on Forwarding and POP/IMAP in Gmail settings and added the google email to the forwarding email address. I was surprised to see I got a confirmation code in the Android public issue tracker.

There are two parts here to get a google account. Signup and verification. I can verify a google account, but I could not signup for a @google.com account so my report was closed as Won’t Fix.

then I started visiting every sub-domain of Google to see if I can use google.com email to signup and this new signup page appeared.

My heart rate increased after seeing the new signup page. I began to sign up using the bug…@google.com email and then it asked me to verify by entering the code.

Verify your email address

I was waiting for the verification code in the conversation and then received the verification code in the mail.

After successfully signing up for the Google Account, I reopened the issue.

Nice catch!

It was 9:50 PM I was looking for bugs, and finally, the most awaited email arrived $3133.70. I could not sleep the whole night.

Video

Thanks to Alex Birsan this would not be possible without his write-up. I learned a lot from reading write-ups. Thanks toAvinash Jain and Alex Birsan for taking the time to review the draft

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. #sharingiscaring

Never miss a story from InfoSec Write-ups, when you sign up for Medium. Learn more